I'm nearing completion of what I'm looking for. Once I get the last few kinks 
ironed out, I'll work on cleaning up my install and hopefully putting together 
a new blog post/guide on how to do what I did. 

Netflow data with ASNs (extra work because Mikrotik) is making it into 
Elasticsearch and Kibana sees the index and the fields in it. I imported a 
dashboard from somewhere that relied on some different values than I'm 
currently pushing from pmacct. Hopefully I can get all that stuff to mesh. 



----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest Internet Exchange 
http://www.midwest-ix.com 

----- Original Message -----

From: "Mike Hammett" <pmacct-discuss...@ics-il.net> 
To: "Paolo Lucente" <pa...@pmacct.net>, pmacct-discussion@pmacct.net 
Sent: Saturday, March 3, 2018 4:34:15 PM 
Subject: Re: [pmacct-discussion] pmacct + ELK made easy? 


Perhaps I should back up and request a beginners guide to pmacct. Most of what 
I've read today has largely assumed you already know what you're doing. I 
haven't found a good from-the-ground-up setup guide. 

I generally prefer installing whatever package is in the distro's repository to 
make upgrades and dependencies easier, but it seems like pmacct has limited 
plugin packages. Strangely, it seems like Debian is more current than Ubuntu at 
the moment (1.6.1 vs. 1.5.2). Anyway, I digress. 

So what do I need to do to get to that point? 

Download and extract the tar. 
I'm not sure which plugins I need to enable at compilation as I'm not sure 
where I'm sending the data. So far I've gone forward with just jansson, which 
may not even be needed, I don't know. 

I have it collecting promiscuously on the Ethernet port for now, putting it 
into memory. 

I should probably make sure my netflow config works correctly as well. 

Where am I putting the BGP configuration? Right into the netflow config file as 
that's the traffic data I intend to ingest? 





----- Original Message -----

From: "Paolo Lucente" <pa...@pmacct.net> 
To: pmacct-discussion@pmacct.net 
Sent: Saturday, March 3, 2018 10:13:08 AM 
Subject: Re: [pmacct-discussion] pmacct + ELK made easy? 


Anthony is correct. The incarnation of that blog entry about pmacct + 
ELK is the pmacct-to-elasticsearch project that you can find on GitHub: 

https://github.com/pierky/pmacct-to-elasticsearch 

Also here you can find a guide on how to integrate pmacct with InfluxDB 
(on top of the same blog entry that Anthony already referenced about 
ELK): 

https://github.com/pmacct/pmacct/wiki/External-Links 

Paolo 

On Sat, Mar 03, 2018 at 03:30:38PM +0000, Anthony Caiafa wrote: 
> It seems you can probably build one based off these two 
> 
> https://blog.pierky.com/integration-of-pmacct-with-elasticsearch-and-kibana/ 
> 
> https://blogs.cisco.com/security/step-by-step-setup-of-elk-for-netflow-analytics
>  
> 
> 
> I am sure with a little more googling you’ll be able to find something 
> or put a post together. 
> 
> On Sat, Mar 3, 2018 at 9:12 AM Jon Nistor <nis...@snickers.org> wrote: 
> 
> > That would be really awesome if there were a guide :> 
> > 
> > 
> > From: Mike Hammett <pmacct-discuss...@ics-il.net> 
> > Reply: pmacct-discussion@pmacct.net <pmacct-discussion@pmacct.net> 
> > Date: March 3, 2018 at 9:03:00 AM 
> > To: pmacct-discussion@pmacct.net <pmacct-discussion@pmacct.net> 
> > Subject: [pmacct-discussion] pmacct + ELK made easy? 
> > 
> > Anyone know of a good A - Z pmacct - ELK stack guide? Debian preferred, 
> > but not required. 
> > 
> > 
> > 
> > 
> > _______________________________________________ 
> > pmacct-discussion mailing list 
> > http://www.pmacct.net/#mailinglists 
> > 